cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-40654 - "DM Corporative CMS SQL Injection Vulnerability"

CVE ID : CVE-2025-40654
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40655 - DM Corporative CMS SQL Injection

CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40656 - DM Corporative CMS SQL Injection Vulnerability

CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40657 - DM Corporative CMS SQL Injection Vulnerability

CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40658 - DM Corporative CMS IDOR

CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40659 - DM Corporative CMS IDOR

CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40660 - DM Corporative CMS IDOR Vulnerability

CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40661 - DM Corporative CMS IDOR Vulnerability

CVE ID : CVE-2025-40661
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-40662 - DM Corporative CMS Absolute Path Disclosure

CVE ID : CVE-2025-40662
Published : June 10, 2025, 10:15 a.m. | 26 minutes ago
Description : Absolute path disclosure vulnerability in DM Corporative CMS. This vulnerability allows an attacker to view the contents of webroot/file, if navigating to a non-existent file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 10:15:00 GMT

read more

CVE-2025-3112 - Apache Webserver Resource Exhaustion Denial of Service

CVE ID : CVE-2025-3112
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3116 - Apache HTTP Server SSL/TLS Denial of Service Vulnerability

CVE ID : CVE-2025-3116
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3117 - Apache Configuration File Cross-site Scripting (XSS)

CVE ID : CVE-2025-3117
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3898 - Apache Webserver Denial of Service Vulnerability

CVE ID : CVE-2025-3898
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3899 - Webserver Certificates Cross-site Scripting

CVE ID : CVE-2025-3899
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-3905 - Siemens PLC Cross-site Scripting

CVE ID : CVE-2025-3905
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-4680 - upKeeper Instant Privilege Access Input Validation Bypass

CVE ID : CVE-2025-4680
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-4681 - upKeeper Instant Privilege Access Privilege Abuse Vulnerability

CVE ID : CVE-2025-4681
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5740 - Apache HTTP Server Path Traversal Vulnerability

CVE ID : CVE-2025-5740
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5741 - "Siemens Charging Station Path Traversal Vulnerability"

CVE ID : CVE-2025-5741
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5742 - Apache Web Server Cross-site Scripting Vulnerability

CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-5743 - "Web Server Charging Station OS Command Injection"

CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 58 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 09:15:00 GMT

read more

CVE-2025-27817 - Apache Kafka Client Arbitrary File Read and SSRF Vulnerability

CVE ID : CVE-2025-27817
Published : June 10, 2025, 8:15 a.m. | 1 hour, 58 minutes ago
Description : A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls") to set the allowed urls in SASL JAAS configuration. In 3.9.1, it accepts all urls by default for backward compatibility. However in 4.0.0 and newer, the default value is empty list and users have to set the allowed urls explicitly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-27818 - Apache Kafka LdapLoginModule Deserialization Vulnerability

CVE ID : CVE-2025-27818
Published : June 10, 2025, 8:15 a.m. | 1 hour, 58 minutes ago
Description : A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka clusters since Apache Kafka 2.0.0 (Kafka Connect 2.3.0). When configuring the broker via config file or AlterConfig command, or connector via the Kafka Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector's Kafka clients to "com.sun.security.auth.module.LdapLoginModule", which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker's LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.9.1/4.0.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" are disabled in Apache Kafka Connect 3.9.1/4.0.0. We advise the Kafka users to validate connector configurations and only allow trusted LDAP configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the "org.apache.kafka.disallowed.login.modules" system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-27819 - Apache Kafka SASL JAAS JndiLoginModule RCE/DOS

CVE ID : CVE-2025-27819
Published : June 10, 2025, 8:15 a.m. | 1 hour, 58 minutes ago
Description : In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0, and "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" is disabled by default in in Apache Kafka 3.9.1/4.0.0
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-5945 - Centreon Centreon-web OS Command Injection

CVE ID : CVE-2025-5945
Published : June 10, 2025, 8:15 a.m. | 1 hour, 58 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 08:15:00 GMT

read more

CVE-2025-1041 - Avaya Call Management System Remote Command Injection

CVE ID : CVE-2025-1041
Published : June 10, 2025, 6:15 a.m. | 3 hours, 58 minutes ago
Description : An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior to 19.2.0.7, and 20.x prior to 20.0.1.0.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 06:15:00 GMT

read more

CVE-2025-4840 - Inprosysmedia Likes Dislikes Post SQL Injection Vulnerability

CVE ID : CVE-2025-4840
Published : June 10, 2025, 6:15 a.m. | 3 hours, 58 minutes ago
Description : The inprosysmedia-likes-dislikes-post WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 06:15:00 GMT

read more

CVE-2025-4954 - Axle Demo Importer WordPress File Upload Vulnerability

CVE ID : CVE-2025-4954
Published : June 10, 2025, 6:15 a.m. | 3 hours, 58 minutes ago
Description : The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 06:15:00 GMT

read more

CVE-2025-3076 - Elementor Website Builder Pro - Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3076
Published : June 10, 2025, 5:15 a.m. | 4 hours, 58 minutes ago
Description : The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 05:15:00 GMT

read more

CVE-2025-5935 - Open5GS AMF/MME Denial of Service Vulnerability

CVE ID : CVE-2025-5935
Published : June 10, 2025, 5:15 a.m. | 4 hours, 58 minutes ago
Description : A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 05:15:00 GMT

read more

CVE-2025-5952 - Zend.To OS Command Injection

CVE ID : CVE-2025-5952
Published : June 10, 2025, 5:15 a.m. | 4 hours, 58 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file_1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.10-7 is able to address this issue. It is recommended to upgrade the affected component. This affects a rather old version of the software. The vendor recommends updating to the latest release.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 05:15:00 GMT

read more

CVE-2025-5913 - "PHPGurukul Vehicle Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5913
Published : June 10, 2025, 4:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-5925 - WordPress Bunny's Print CSS CSRF Vulnerability

CVE ID : CVE-2025-5925
Published : June 10, 2025, 4:15 a.m. | 5 hours, 57 minutes ago
Description : The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcss_options_subpanel() function. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-5934 - Netgear EX3700 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5934
Published : June 10, 2025, 4:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-4387 - Abandoned Cart Pro for WooCommerce Authenticated Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-4387
Published : June 10, 2025, 4:15 a.m. | 4 hours, 26 minutes ago
Description : The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up to, and including, 9.16.0. This makes it possible for an authenticated attacker, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may allow for either remote or local code execution depending on the server configuration.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-4601 - "RH Real Estate WordPress Theme Privilege Escalation Vulnerability"

CVE ID : CVE-2025-4601
Published : June 10, 2025, 4:15 a.m. | 4 hours, 25 minutes ago
Description : The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2025-5912 - D-Link DIR-632 Remote Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5912
Published : June 10, 2025, 4:15 a.m. | 4 hours, 25 minutes ago
Description : A vulnerability was found in D-Link DIR-632 FW103B08. It has been declared as critical. This vulnerability affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 04:15:00 GMT

read more

CVE-2024-55595 - Cisco Webex Meeting Server Unvalidated Redirect

CVE ID : CVE-2024-55595
Published : June 10, 2025, 3:15 a.m. | 5 hours, 25 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 03:15:00 GMT

read more

CVE-2025-5910 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5910
Published : June 10, 2025, 3:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 03:15:00 GMT

read more

CVE-2025-5911 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5911
Published : June 10, 2025, 3:15 a.m. | 5 hours, 25 minutes ago
Description : A vulnerability was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 03:15:00 GMT

read more

CVE-2025-5909 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5909
Published : June 10, 2025, 2:15 a.m. | 6 hours, 26 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 02:15:00 GMT

read more

CVE-2025-42996 - SAP MDM Server Session Hijacking Vulnerability

CVE ID : CVE-2025-42996
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify non-sensitive information or consume sufficient resources which could degrade the performance of the server causing low impact on confidentiality, integrity and availibility of the application.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42998 - SAP Business One Authentication Bypass

CVE ID : CVE-2025-42998
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5906 - Code-projects Laundry System Remote Authentication Bypass

CVE ID : CVE-2025-5906
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5907 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5907
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5908 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5908
Published : June 10, 2025, 1:15 a.m. | 7 hours, 26 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T up to 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42991 - SAP S/4HANA Bank Account Application Authorization Bypass

CVE ID : CVE-2025-42991
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42993 - SAP S/4HANA Unauthorized Event Consumption and Code Execution Vulnerability

CVE ID : CVE-2025-42993
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC destination, leading to code execution under the privileges of the assigned high-privilege user. While the vulnerability has a low impact on Availability, it significantly poses a high risk to both Confidentiality and Integrity.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42994 - SAP MDM Server Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-42994
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42995 - SAP MDM Server Denial of Service (DoS)

CVE ID : CVE-2025-42995
Published : June 10, 2025, 1:15 a.m. | 6 hours, 58 minutes ago
Description : SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then fail and exit unexpectedly causing high impact on availability with no impact on confidentiality and integrity of the application.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42988 - SAP Business Objects Business Intelligence Platform Information Disclosure

CVE ID : CVE-2025-42988
Published : June 10, 2025, 1:15 a.m. | 4 hours, 58 minutes ago
Description : Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42989 - Apache HTTP Server Authentication Bypass Privilege Escalation

CVE ID : CVE-2025-42989
Published : June 10, 2025, 1:15 a.m. | 4 hours, 58 minutes ago
Description : RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and availability of the application.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42990 - SAPUI5 Cross-Site Scripting (XSS)

CVE ID : CVE-2025-42990
Published : June 10, 2025, 1:15 a.m. | 4 hours, 58 minutes ago
Description : Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-23192 - SAP BusinessObjects Business Intelligence BI Workspace Cross-Site Scripting (XSS)

CVE ID : CVE-2025-23192
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and low impact on integrity, availability.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-31325 - SAP NetWeaver Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-31325
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42977 - SAP NetWeaver Visual Composer Directory Traversal Vulnerability

CVE ID : CVE-2025-42977
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42982 - SAP GRC Authentication Bypass

CVE ID : CVE-2025-42982
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42983 - SAP Business Warehouse and SAP Plug-In Basis Data Deletion Vulnerability

CVE ID : CVE-2025-42983
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42984 - SAP S/4HANA Authorization Bypass

CVE ID : CVE-2025-42984
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-42987 - SAP Manage Processing Rules Authorization Bypass

CVE ID : CVE-2025-42987
Published : June 10, 2025, 1:15 a.m. | 2 hours, 57 minutes ago
Description : SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 01:15:00 GMT

read more

CVE-2025-5904 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5904
Published : June 10, 2025, 12:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument device_name leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-5905 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5905
Published : June 10, 2025, 12:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument Password leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-0036 - AMD Versal Adaptive SoC Cryptographic Data Tampering Vulnerability

CVE ID : CVE-2025-0036
Published : June 10, 2025, 12:15 a.m. | 2 hours, 56 minutes ago
Description : In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-0037 - AMD Versal Adaptive SoC PLM Firmware Memory Access Vulnerability

CVE ID : CVE-2025-0037
Published : June 10, 2025, 12:15 a.m. | 2 hours, 56 minutes ago
Description : In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-5903 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5903
Published : June 10, 2025, 12:15 a.m. | 2 hours, 56 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Tue, 10 Jun 2025 00:15:00 GMT

read more

CVE-2025-26468 - CyberData Intercom Unauthenticated Remote Denial-of-Service Vulnerability

CVE ID : CVE-2025-26468
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData  011209 Intercom exposes features that could allow an unauthenticated to gain access and cause a denial-of-service condition or system disruption.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30183 - CyberData Intercom Unsecured Admin Credentials Vulnerability

CVE ID : CVE-2025-30183
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData 011209 Intercom does not properly store or protect web server admin credentials.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30507 - CyberData Intercom SQL Injection Vulnerability

CVE ID : CVE-2025-30507
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30515 - CyberData Intercom File Upload Vulnerability

CVE ID : CVE-2025-30515
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-5901 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5901
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-5902 - TOTOLINK T10 Buffer Overflow in POST Request Handler

CVE ID : CVE-2025-5902
Published : June 9, 2025, 11:15 p.m. | 44 minutes ago
Description : A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 23:15:00 GMT

read more

CVE-2025-30184 - CyberData Intercom Unauthenticated Web Interface Access

CVE ID : CVE-2025-30184
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-49140 - Pion Interceptor RTP Packet Panic

CVE ID : CVE-2025-49140
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen > 0 && padLen <= payloadLength` and return error on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-5898 - GNU PSPP Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-5898
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-5899 - "GNU PSPP Heap Free of Memory Vulnerability"

CVE ID : CVE-2025-5899
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-5900 - Tenda AC9 Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5900
Published : June 9, 2025, 10:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 22:15:00 GMT

read more

CVE-2025-49004 - Caido DNS Rebinding Remote Command Execution

CVE ID : CVE-2025-49004
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49137 - HAX CMS Cross-Site Scripting (XSS)

CVE ID : CVE-2025-49137
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a `script` tag, it does allow the use of other HTML tags to run JavaScript. Version 11.0.0 fixes the issue.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49138 - HAX CMS Local File Inclusion Vulnerability

CVE ID : CVE-2025-49138
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49139 - HAX CMS Cross-Site Request Forgery (CSRF)

CVE ID : CVE-2025-49139
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited, the client's browser will query the supplied URL. An authenticated attacker can create a HAX site with a website block pointing at an attacker-controlled server running Responder or a similar tool. The attacker can then conduct a phishing attack by convincing another user to visit their malicious HAX site to harvest credentials. Version 11.0.0 contains a patch for the issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-49141 - HAX CMS PHP OS Command Injection

CVE ID : CVE-2025-49141
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later passes this input into `proc_open`, yielding OS command injection. An authenticated attacker can craft a URL string that bypasses the validation checks employed by the `filter_var` and `strpos` functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request. Version 11.0.3 contains a patch for the issue.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-5896 - Tarojs Taro Inefficient Regular Expression Complexity Remote Vulnerability

CVE ID : CVE-2025-5896
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-5897 - Vue.js Vue-CLI Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5897
Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago
Description : A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 21:15:00 GMT

read more

CVE-2025-5892 - RocketChat Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5892
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5895 - Metabase Regular Expression Complexity Remote Vulnerability

CVE ID : CVE-2025-5895
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The patch is named 4454ebbdc7719016bf80ca0f34859ce5cee9f6b0. It is recommended to apply a patch to fix this issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5914 - Libarchive RAR Double-Free Vulnerability

CVE ID : CVE-2025-5914
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5915 - Apache libarchive Heap Buffer Over-Read Vulnerability

CVE ID : CVE-2025-5915
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5916 - Libarchive WARC Archive Integer Overflow Vulnerability

CVE ID : CVE-2025-5916
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5917 - Apache Libarchive Write Overflow Vulnerability

CVE ID : CVE-2025-5917
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5918 - Libarchive bsdtar Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-5918
Published : June 9, 2025, 8:15 p.m. | 3 hours, 44 minutes ago
Description : A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
Severity: 3.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 20:15:00 GMT

read more

CVE-2025-5889 - "Julian Gruber Brace-Expansion Regular Expression Complexity Remote Vulnerability"

CVE ID : CVE-2025-5889
Published : June 9, 2025, 7:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 19:15:00 GMT

read more

CVE-2025-5890 - Actions Toolkit Glob Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5890
Published : June 9, 2025, 7:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 19:15:00 GMT

read more

CVE-2025-5891 - Unitech pm2 Regular Expression Complexity Vulnerability

CVE ID : CVE-2025-5891
Published : June 9, 2025, 7:15 p.m. | 3 hours, 56 minutes ago
Description : A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 19:15:00 GMT

read more

CVE-2025-49652 - Lablup BackendAI Missing Authentication Vulnerability

CVE ID : CVE-2025-49652
Published : June 9, 2025, 6:15 p.m. | 4 hours, 56 minutes ago
Description : Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-49653 - Lablup BackendAI Sensitive Data Exposure

CVE ID : CVE-2025-49653
Published : June 9, 2025, 6:15 p.m. | 4 hours, 56 minutes ago
Description : Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-5888 - jsnjfz WebStack-Guns Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5888
Published : June 9, 2025, 6:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2024-47081 - Requests .netrc Credential Leakage Vulnerability

CVE ID : CVE-2024-47081
Published : June 9, 2025, 6:15 p.m. | 3 hours, 57 minutes ago
Description : Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-49651 - Lablup BackendAI Unauthenticated Session Hijacking

CVE ID : CVE-2025-49651
Published : June 9, 2025, 6:15 p.m. | 3 hours, 57 minutes ago
Description : Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 18:15:00 GMT

read more

CVE-2025-46041 - Anchor CMS Stored XSS

CVE ID : CVE-2025-46041
Published : June 9, 2025, 5:15 p.m. | 4 hours, 57 minutes ago
Description : A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-49136 - Listmonk Environment Variable Information Disclosure

CVE ID : CVE-2025-49136
Published : June 9, 2025, 5:15 p.m. | 4 hours, 57 minutes ago
Description : listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-5887 - jsnjfz WebStack-Guns Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5887
Published : June 9, 2025, 5:15 p.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2024-46452 - VigyBag Host Header Injection Vulnerability

CVE ID : CVE-2024-46452
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-29627 - KeeperChat Biometric Authentication Module Privilege Escalation Vulnerability

CVE ID : CVE-2025-29627
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-45001 - React Native Keys Information Disclosure

CVE ID : CVE-2025-45001
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-45002 - Vigybag Cross Site Scripting (XSS)

CVE ID : CVE-2025-45002
Published : June 9, 2025, 5:15 p.m. | 3 hours, 42 minutes ago
Description : Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 17:15:00 GMT

read more

CVE-2025-49296 - Mikado-Themes GrandPrix Path Traversal PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-49296
Published : June 9, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : Path Traversal vulnerability in Mikado-Themes GrandPrix allows PHP Local File Inclusion. This issue affects GrandPrix: from n/a through 1.6.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49297 - Mikado-Themes Grill and Chow PHP Local File Inclusion Vulnerability

CVE ID : CVE-2025-49297
Published : June 9, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : Path Traversal vulnerability in Mikado-Themes Grill and Chow allows PHP Local File Inclusion. This issue affects Grill and Chow: from n/a through 1.6.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-5886 - Emlog Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5886
Published : June 9, 2025, 4:15 p.m. | 4 hours, 42 minutes ago
Description : A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49277 - Unfoldwp Blogprise PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49277
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogprise allows PHP Local File Inclusion. This issue affects Blogprise: from n/a through 1.0.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49278 - Blogty PHP RFI Vulnerability

CVE ID : CVE-2025-49278
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogty allows PHP Local File Inclusion. This issue affects Blogty: from n/a through 1.0.11.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49279 - Unfoldwp Blogvy PHP Remote File Inclusion

CVE ID : CVE-2025-49279
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogvy allows PHP Local File Inclusion. This issue affects Blogvy: from n/a through 1.0.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49280 - Magty PHP RFI Vulnerability

CVE ID : CVE-2025-49280
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through 1.0.6.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49281 - Magways PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49281
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magways allows PHP Local File Inclusion. This issue affects Magways: from n/a through 1.2.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49282 - Unfoldwp Magze PHP Remote File Inclusion

CVE ID : CVE-2025-49282
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magze allows PHP Local File Inclusion. This issue affects Magze: from n/a through 1.0.9.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49295 - Mikado-Themes MediClinic Path Traversal PHP Local File Inclusion

CVE ID : CVE-2025-49295
Published : June 9, 2025, 4:15 p.m. | 3 hours, 35 minutes ago
Description : Path Traversal vulnerability in Mikado-Themes MediClinic allows PHP Local File Inclusion. This issue affects MediClinic: from n/a through 2.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49265 - WP Swings Membership For WooCommerce Missing Authorization

CVE ID : CVE-2025-49265
Published : June 9, 2025, 4:15 p.m. | 2 hours, 55 minutes ago
Description : Missing Authorization vulnerability in WP Swings Membership For WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Membership For WooCommerce: from n/a through 2.8.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49275 - Blogbyte PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49275
Published : June 9, 2025, 4:15 p.m. | 2 hours, 55 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogbyte allows PHP Local File Inclusion. This issue affects Blogbyte: from n/a through 1.1.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-49276 - Unfoldwp Blogmine PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-49276
Published : June 9, 2025, 4:15 p.m. | 2 hours, 55 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Blogmine allows PHP Local File Inclusion. This issue affects Blogmine: from n/a through 1.1.7.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48126 - g5theme Essential Real Estate PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-48126
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48129 - Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light Privilege Escalation Vulnerability

CVE ID : CVE-2025-48129
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48130 - Spice Blocks Path Traversal Vulnerability

CVE ID : CVE-2025-48130
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through 2.0.7.2.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48139 - StyleAI Missing Authorization Vulnerability

CVE ID : CVE-2025-48139
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48140 - MetalpriceAPI Code Injection Vulnerability

CVE ID : CVE-2025-48140
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Control of Generation of Code ('Code Injection') vulnerability in metalpriceapi MetalpriceAPI allows Code Injection. This issue affects MetalpriceAPI: from n/a through 1.1.4.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48141 - Alex Zaytseff Multi CryptoCurrency Payments SQL Injection

CVE ID : CVE-2025-48141
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments allows SQL Injection. This issue affects Multi CryptoCurrency Payments: from n/a through 2.0.3.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48143 - SalesUp! Cross-site Scripting (XSS)

CVE ID : CVE-2025-48143
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in salesup2019 Formulario de contacto SalesUp! allows Reflected XSS. This issue affects Formulario de contacto SalesUp!: from n/a through 1.0.14.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48147 - CryptoCloud Crypto Payment Gateway Missing Authorization Vulnerability

CVE ID : CVE-2025-48147
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through 2.1.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48261 - MultiVendorX Sensitive Data Injection Vulnerability

CVE ID : CVE-2025-48261
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in MultiVendorX MultiVendorX allows Retrieve Embedded Sensitive Data. This issue affects MultiVendorX: from n/a through 4.2.22.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48267 - ThimPress WP Pipes Path Traversal Vulnerability

CVE ID : CVE-2025-48267
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48279 - WC MyParcel Belgium Cross-site Scripting (XSS)

CVE ID : CVE-2025-48279
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard Perdaan WC MyParcel Belgium allows Reflected XSS. This issue affects WC MyParcel Belgium: from 4.5.5 through beta.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-48281 - MyStyle Custom Product Designer SQL Injection

CVE ID : CVE-2025-48281
Published : June 9, 2025, 4:15 p.m. | 41 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mystyleplatform MyStyle Custom Product Designer allows Blind SQL Injection. This issue affects MyStyle Custom Product Designer: from n/a through 3.21.1.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 16:15:00 GMT

read more

CVE-2025-5884 - Konica Minolta bizhub Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5884
Published : June 9, 2025, 3:15 p.m. | 57 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 15:15:00 GMT

read more

CVE-2025-5885 - Konica Minolta bizhub Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5885
Published : June 9, 2025, 3:15 p.m. | 57 minutes ago
Description : A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 15:15:00 GMT

read more

CVE-2025-5880 - Whistle Path Traversal Vulnerability

CVE ID : CVE-2025-5880
Published : June 9, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 14:15:00 GMT

read more

CVE-2025-5881 - Code-projects Chat System SQL Injection Vulnerability

CVE ID : CVE-2025-5881
Published : June 9, 2025, 2:15 p.m. | 1 hour, 57 minutes ago
Description : A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirm_password.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 14:15:00 GMT

read more

CVE-2025-40668 - TCMAN GIM Authentication Bypass

CVE ID : CVE-2025-40668
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-40669 - TCMAN GIM Authorization Bypass

CVE ID : CVE-2025-40669
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-40670 - TCMAN GIM Privilege Escalation Vulnerability

CVE ID : CVE-2025-40670
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-48053 - Discourse Bot URL Availability Denial

CVE ID : CVE-2025-48053
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, sending a malicious URL in a PM to a bot user can cause a reduced the availability of a Discourse instance. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. No known workarounds are available.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-48062 - Discourse HTML Injection Vulnerability

CVE ID : CVE-2025-48062
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-48877 - Discourse Codepen Unintended JS Execution Vulnerability

CVE ID : CVE-2025-48877
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49006 - Keycloak Wasp OAuth Authentication ID Case Sensitivity Vulnerability

CVE ID : CVE-2025-49006
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs before storing / fetching them. This behavior violates OAuth and OpenID Connect specifications and can result in user impersonation, account collisions, and privilege escalation. In practice, out of the OAuth providers that Wasp auth supports, only Keycloak is affected. Keycloak uses a lowercase UUID by default, but users can configure it to be case sensitive, making it affected. Google, GitHub, and Discord use numerical IDs, making them not affected. Users should update their Wasp version to `0.16.6` which has a fix for the problematic behavior. Users using Keycloak can work around the issue by not using a case sensitive user ID in their realm configuration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49013 - WilderForge GitHub Actions Shell Code Injection Vulnerability

CVE ID : CVE-2025-49013
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user controlled variables directly inside shell script contexts in GitHub Actions workflows. This introduces a code injection vulnerability: a malicious actor submitting a crafted pull request review containing shell metacharacters or commands could execute arbitrary shell code on the GitHub Actions runner. This can lead to arbitrary command execution with the permissions of the workflow, potentially compromising CI infrastructure, secrets, and build outputs. Developers who maintain or contribute to the repos WilderForge/WilderForge, WilderForge/ExampleMod, WilderForge/WilderWorkspace, WilderForge/WildermythGameProvider, WilderForge/AutoSplitter, WilderForge/SpASM, WilderForge/thrixlvault, WilderForge/MassHash, and/or WilderForge/DLC_Disabler; as well as users who fork any of the above repositories and reuse affected GitHub Actions workflows, are affected. End users of any the above software and users who only install pre-built releases or artifacts are not affected. This vulnerability does not impact runtime behavior of the software or compiled outputs unless those outputs were produced during exploitation of this vulnerability. A current workaround is to disable GitHub Actions in affected repositories, or remove the affected workflows.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49130 - Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-49130
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-49131 - FastGPT Sandbox Syscall Escalation Vulnerability

CVE ID : CVE-2025-49131
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-5877 - Fengoffice XML External Entity Reference Vulnerability

CVE ID : CVE-2025-5877
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Fengoffice Feng Office 3.2.2.1. Affected by this issue is some unknown functionality of the file /application/models/ApplicationDataObject.class.php of the component Document Upload Handler. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-5879 - WuKongOpenSource WukongCRM Remote Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5879
Published : June 9, 2025, 1:15 p.m. | 2 hours, 57 minutes ago
Description : A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 13:15:00 GMT

read more

CVE-2025-41444 - Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE ID : CVE-2025-41444
Published : June 9, 2025, 12:15 p.m. | 3 hours, 57 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 12:15:00 GMT

read more

CVE-2025-5875 - TP-Link TL-IPC544EP-W4 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5875
Published : June 9, 2025, 12:15 p.m. | 3 hours, 57 minutes ago
Description : A vulnerability classified as critical has been found in TP-Link TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 12:15:00 GMT

read more

CVE-2025-5876 - "Lucky LM-520-SC/FSC/FSC-SAM Remote Missing Authentication Vulnerability"

CVE ID : CVE-2025-5876
Published : June 9, 2025, 12:15 p.m. | 3 hours, 57 minutes ago
Description : A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 12:15:00 GMT

read more

CVE-2025-27709 - Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE ID : CVE-2025-27709
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-36528 - Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE ID : CVE-2025-36528
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-3835 - Zohocorp ManageEngine Exchange Reporter Plus Remote Code Execution Vulnerability

CVE ID : CVE-2025-3835
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-41437 - Zohocorp ManageEngine OpManager Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-41437
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-5873 - eCharge Hardy Barth Salia Web UI Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-5873
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-5874 - Redash getattr Handler Sandbox Bypass Vulnerability

CVE ID : CVE-2025-5874
Published : June 9, 2025, 11:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 11:15:00 GMT

read more

CVE-2025-5871 - Papendorf SOL Connect Center Web Interface Authentication Bypass Vulnerability

CVE ID : CVE-2025-5871
Published : June 9, 2025, 10:15 a.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 10:15:00 GMT

read more

CVE-2025-5872 - eGauge EG3000 Energy Monitor Authentication Bypass Vulnerability

CVE ID : CVE-2025-5872
Published : June 9, 2025, 10:15 a.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 10:15:00 GMT

read more

CVE-2025-40675 - "Bagisto Reflected Cross-Site Scripting (XSS)"

CVE ID : CVE-2025-40675
Published : June 9, 2025, 10:15 a.m. | 3 hours, 57 minutes ago
Description : A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 10:15:00 GMT

read more

CVE-2025-5870 - TRENDnet TV-IP121W Web Interface Improper Authentication Vulnerability

CVE ID : CVE-2025-5870
Published : June 9, 2025, 9:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 09:15:00 GMT

read more

CVE-2025-5869 - RT-Thread sys_recvfrom Memory Corruption Vulnerability

CVE ID : CVE-2025-5869
Published : June 9, 2025, 9:15 a.m. | 2 hours, 57 minutes ago
Description : A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 09:15:00 GMT

read more

CVE-2025-5867 - RT-Thread Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-5867
Published : June 9, 2025, 8:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 08:15:00 GMT

read more

CVE-2025-5868 - RT-Thread Array Index Validation Vulnerability

CVE ID : CVE-2025-5868
Published : June 9, 2025, 8:15 a.m. | 3 hours, 57 minutes ago
Description : A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 08:15:00 GMT

read more

CVE-2025-5894 - Honding Technology Smart Parking Management System Missing Authorization Privilege Escalation Vulnerability

CVE ID : CVE-2025-5894
Published : June 9, 2025, 8:15 a.m. | 3 hours, 57 minutes ago
Description : Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 08:15:00 GMT

read more

CVE-2025-5865 - RT-Thread Parameter Handler Memory Corruption Vulnerability

CVE ID : CVE-2025-5865
Published : June 9, 2025, 7:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 07:15:00 GMT

read more

CVE-2025-5866 - RT-Thread Array Index Validation Vulnerability

CVE ID : CVE-2025-5866
Published : June 9, 2025, 7:15 a.m. | 4 hours, 57 minutes ago
Description : A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 07:15:00 GMT

read more

CVE-2025-5893 - Honding Technology Smart Parking Management System Sensitive Information Exposure

CVE ID : CVE-2025-5893
Published : June 9, 2025, 7:15 a.m. | 4 hours, 57 minutes ago
Description : Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 07:15:00 GMT

read more

CVE-2025-25209 - Red Hat Connectivity Link Information Disclosure Vulnerability

CVE ID : CVE-2025-25209
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-3581 - "Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-3581
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-3582 - WordPress Newsletter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-3582
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-47711 - "nbdkit Denial-of-Service Vulnerability"

CVE ID : CVE-2025-47711
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-47712 - "nbdkit Blocksize Filter Denial of Service Vulnerability"

CVE ID : CVE-2025-47712
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-4652 - Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4652
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-5863 - Tenda AC5 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5863
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-5864 - Tenda TDSEE App Authentication Bypass

CVE ID : CVE-2025-5864
Published : June 9, 2025, 6:15 a.m. | 5 hours, 57 minutes ago
Description : A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-25207 - Red Hat Connectivity Link Authorino Denial of Service

CVE ID : CVE-2025-25207
Published : June 9, 2025, 6:15 a.m. | 4 hours, 23 minutes ago
Description : The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-25208 - Apache Authorino Authentication Service Denial of Service

CVE ID : CVE-2025-25208
Published : June 9, 2025, 6:15 a.m. | 4 hours, 23 minutes ago
Description : A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 06:15:00 GMT

read more

CVE-2025-5861 - Tenda AC7 Buffer Overflow in AdvSetLanip Function

CVE ID : CVE-2025-5861
Published : June 9, 2025, 5:15 a.m. | 5 hours, 23 minutes ago
Description : A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 05:15:00 GMT

read more

CVE-2025-5862 - Tenda AC7 PPTP Form Set Buffer Overflow Vulnerability

CVE ID : CVE-2025-5862
Published : June 9, 2025, 5:15 a.m. | 5 hours, 23 minutes ago
Description : A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 05:15:00 GMT

read more

CVE-2025-5859 - PHPGurukul Nipah Virus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5859
Published : June 9, 2025, 4:15 a.m. | 6 hours, 22 minutes ago
Description : A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-details.php. The manipulation of the argument assignto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 04:15:00 GMT

read more

CVE-2025-5860 - PHPGurukul Maid Hiring Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5860
Published : June 9, 2025, 4:15 a.m. | 6 hours, 22 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 04:15:00 GMT

read more

CVE-2025-5856 - PHPGurukul BP Monitoring Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5856
Published : June 9, 2025, 3:15 a.m. | 5 hours, 55 minutes ago
Description : A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 03:15:00 GMT

read more

CVE-2025-5857 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5857
Published : June 9, 2025, 3:15 a.m. | 5 hours, 55 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of the argument itr_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 03:15:00 GMT

read more

CVE-2025-5858 - PHPGurukul Nipah Virus Testing Management System SQL Injection

CVE ID : CVE-2025-5858
Published : June 9, 2025, 3:15 a.m. | 5 hours, 55 minutes ago
Description : A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 03:15:00 GMT

read more

CVE-2025-5855 - Tenda AC6 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5855
Published : June 9, 2025, 2:15 a.m. | 6 hours, 55 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 02:15:00 GMT

read more

CVE-2025-5854 - "Tenda AC6 Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5854
Published : June 9, 2025, 1:15 a.m. | 7 hours, 55 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 01:15:00 GMT

read more

CVE-2025-5852 - Tenda AC6 PPTP Form Set User List Buffer Overflow

CVE ID : CVE-2025-5852
Published : June 9, 2025, 1:15 a.m. | 5 hours, 22 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 01:15:00 GMT

read more

CVE-2025-5853 - Tenda AC6 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5853
Published : June 9, 2025, 1:15 a.m. | 5 hours, 22 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 01:15:00 GMT

read more

CVE-2025-5851 - Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5851
Published : June 9, 2025, 12:15 a.m. | 6 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Mon, 09 Jun 2025 00:15:00 GMT

read more

CVE-2025-5849 - Tenda AC15 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5849
Published : June 8, 2025, 11:15 p.m. | 7 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 23:15:00 GMT

read more

CVE-2025-5850 - Tenda AC15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5850
Published : June 8, 2025, 11:15 p.m. | 7 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 23:15:00 GMT

read more

CVE-2025-5848 - Tenda AC15 PPTP Buffer Overflow Vulnerability

CVE ID : CVE-2025-5848
Published : June 8, 2025, 10:15 p.m. | 8 hours, 22 minutes ago
Description : A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 22:15:00 GMT

read more

CVE-2025-35004 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35004
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35005 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 AT+MFMAC Command Injection Vulnerability

CVE ID : CVE-2025-35005
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35006 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35006
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35007 - Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35007
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35008 - Microhard BulletLTE-NA2/IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35008
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35009 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Post-Auth Command Injection Vulnerability

CVE ID : CVE-2025-35009
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-35010 - Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

CVE ID : CVE-2025-35010
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record's first publishing.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-3459 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-3459
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-3460 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-3460
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-3461 - Quantenna Wi-Fi Missing Authentication for Critical Function

CVE ID : CVE-2025-3461
Published : June 8, 2025, 9:15 p.m. | 8 hours, 57 minutes ago
Description : The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 ( CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32458 - Quantenna Wi-Fi Chipset Command Injection Vulnerability

CVE ID : CVE-2025-32458
Published : June 8, 2025, 9:15 p.m. | 7 hours, 22 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32459 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-32459
Published : June 8, 2025, 9:15 p.m. | 7 hours, 22 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32456 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-32456
Published : June 8, 2025, 9:15 p.m. | 6 hours, 52 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32457 - Quantenna Wi-Fi Chipset Command Injection Vulnerability

CVE ID : CVE-2025-32457
Published : June 8, 2025, 9:15 p.m. | 6 hours, 52 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-32455 - Quantenna Wi-Fi Command Injection Vulnerability

CVE ID : CVE-2025-32455
Published : June 8, 2025, 9:15 p.m. | 5 hours, 41 minutes ago
Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) . This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 21:15:00 GMT

read more

CVE-2025-5847 - Tenda AC9 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5847
Published : June 8, 2025, 2:15 p.m. | 12 hours, 41 minutes ago
Description : A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 14:15:00 GMT

read more

CVE-2025-27563 - OpenHarmony Permission Leak

CVE ID : CVE-2025-27563
Published : June 8, 2025, 12:15 p.m. | 14 hours, 41 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-26691 - OpenHarmony Information Leak

CVE ID : CVE-2025-26691
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-26693 - OpenHarmony File Access Information Leak

CVE ID : CVE-2025-26693
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-27131 - OpenHarmony Denial of Service Vulnerability

CVE ID : CVE-2025-27131
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-27242 - OpenHarmony Denial of Service Vulnerability

CVE ID : CVE-2025-27242
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-27247 - OpenHarmony Information Leak Vulnerability

CVE ID : CVE-2025-27247
Published : June 8, 2025, 12:15 p.m. | 11 hours, 34 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-23235 - OpenHarmony Out-of-Bounds Read Denial of Service

CVE ID : CVE-2025-23235
Published : June 8, 2025, 12:15 p.m. | 9 hours, 45 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-24493 - OpenHarmony race condition information leak vulnerability

CVE ID : CVE-2025-24493
Published : June 8, 2025, 12:15 p.m. | 9 hours, 45 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-25217 - Apache OpenHarmony NULL Pointer Dereference DOS

CVE ID : CVE-2025-25217
Published : June 8, 2025, 12:15 p.m. | 9 hours, 45 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-20063 - OpenHarmony JavaScript Engine Type Confusion Vulnerability

CVE ID : CVE-2025-20063
Published : June 8, 2025, 12:15 p.m. | 8 hours, 41 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-21082 - OpenHarmony Type Confusion Vulnerability

CVE ID : CVE-2025-21082
Published : June 8, 2025, 12:15 p.m. | 8 hours, 41 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 12:15:00 GMT

read more

CVE-2025-38003 - BCM Linux Kernel Use-After-Free (UAF) Vulnerability

CVE ID : CVE-2025-38003
Published : June 8, 2025, 11:15 a.m. | 9 hours, 41 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 11:15:00 GMT

read more

CVE-2025-38004 - Linux Kernel CAN bcm KASAN Slab-Out-of-Bounds Read

CVE ID : CVE-2025-38004
Published : June 8, 2025, 11:15 a.m. | 9 hours, 41 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sun, 08 Jun 2025 11:15:00 GMT

read more

CVE-2025-5026 - Apache HTTP Server Cross-Site Request Forgery (CSRF)

CVE ID : CVE-2025-5026
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2025-5097 - CVE-2022-36466: Apache HTTP Server XML Entity Injection Vulnerability

CVE ID : CVE-2025-5097
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2025-5223 - CVE-2022-36462: Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-5223
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2025-5242 - CVE-2022-1234: Apache Struts Remote Code Execution Vulnerability

CVE ID : CVE-2025-5242
Published : June 7, 2025, 11:15 p.m. | 21 hours, 41 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 23:15:00 GMT

read more

CVE-2024-55585 - "moPS App Unauthenticated Administrative API Access Vulnerability"

CVE ID : CVE-2024-55585
Published : June 7, 2025, 7:15 p.m. | 1 day, 1 hour ago
Description : In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 19:15:00 GMT

read more

CVE-2025-5839 - Tenda AC9 POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5839
Published : June 7, 2025, 6:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 18:15:00 GMT

read more

CVE-2025-5840 - SourceCodester Client Database Management System Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-5840
Published : June 7, 2025, 6:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 18:15:00 GMT

read more

CVE-2025-5838 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5838
Published : June 7, 2025, 4:15 p.m. | 1 day, 4 hours ago
Description : A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 16:15:00 GMT

read more

CVE-2025-49619 - Skyvern Jinja Runtime Leak

CVE ID : CVE-2025-49619
Published : June 7, 2025, 2:15 p.m. | 1 day, 6 hours ago
Description : Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 14:15:00 GMT

read more

CVE-2025-5836 - Tenda AC9 Command Injection Vulnerability

CVE ID : CVE-2025-5836
Published : June 7, 2025, 2:15 p.m. | 1 day, 6 hours ago
Description : A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST Request Handler. The manipulation of the argument list leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 14:15:00 GMT

read more

CVE-2025-5837 - PHPGurukul Employee Record Management System SQL Injection

CVE ID : CVE-2025-5837
Published : June 7, 2025, 2:15 p.m. | 1 day, 6 hours ago
Description : A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 14:15:00 GMT

read more

CVE-2025-5568 - WordPress WpEvently Stored Cross-Site Scripting

CVE ID : CVE-2025-5568
Published : June 7, 2025, 12:15 p.m. | 1 day, 1 hour ago
Description : The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2024-9993 - "Elementor Addons for WordPress Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2024-9993
Published : June 7, 2025, 12:15 p.m. | 23 hours, 45 minutes ago
Description : The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2024-9994 - Elementor Addons for WordPress - Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-9994
Published : June 7, 2025, 12:15 p.m. | 23 hours, 45 minutes ago
Description : The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2025-5528 - WordPress Sassy Social Share Reflected Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5528
Published : June 7, 2025, 12:15 p.m. | 23 hours, 45 minutes ago
Description : The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 12:15:00 GMT

read more

CVE-2025-5303 - Freightview, Daylight, Day Ross WordPress Plugins - Stored Cross-Site Scripting

CVE ID : CVE-2025-5303
Published : June 7, 2025, 9:15 a.m. | 1 day, 2 hours ago
Description : The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 09:15:00 GMT

read more

CVE-2025-5399 - "Libcurl WebSocket DoS Vulnerability"

CVE ID : CVE-2025-5399
Published : June 7, 2025, 8:15 a.m. | 1 day, 3 hours ago
Description : Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 08:15:00 GMT

read more

CVE-2025-47601 - MaxiBlocks Missing Authorization Privilege Escalation

CVE ID : CVE-2025-47601
Published : June 7, 2025, 5:15 a.m. | 1 day, 6 hours ago
Description : Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks allows Privilege Escalation.This issue affects MaxiBlocks: from n/a through 2.1.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 05:15:00 GMT

read more

CVE-2025-5814 - WordPress Profiler Data Modification Vulnerability

CVE ID : CVE-2025-5814
Published : June 7, 2025, 5:15 a.m. | 1 day, 6 hours ago
Description : The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 07 Jun 2025 05:15:00 GMT

read more

CVE-2025-49128 - Jackson-core Information Disclosure Vulnerability

CVE ID : CVE-2025-49128
Published : June 6, 2025, 10:15 p.m. | 1 day, 13 hours ago
Description : Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 22:15:00 GMT

read more

CVE-2025-49127 - Apache Kafka Kafbat UI Deserialization Remote Code Execution

CVE ID : CVE-2025-49127
Published : June 6, 2025, 9:15 p.m. | 1 day, 14 hours ago
Description : Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 21:15:00 GMT

read more

CVE-2025-5798 - Tenda AC8 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5798
Published : June 6, 2025, 8:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 20:15:00 GMT

read more

CVE-2025-5799 - Tenda AC8 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5799
Published : June 6, 2025, 8:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 20:15:00 GMT

read more

CVE-2025-5796 - Code-projects Laundry System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5796
Published : June 6, 2025, 7:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5797 - Laundry Laundry System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5797
Published : June 6, 2025, 7:15 p.m. | 1 day, 15 hours ago
Description : A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5480 - Action1 OpenSSL Privilege Escalation Vulnerability

CVE ID : CVE-2025-5480
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5481 - Sante DICOM Viewer Pro DCM File Parsing Remote Code Execution Vulnerability

CVE ID : CVE-2025-5481
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5794 - Tenda AC5 PPTP User List Buffer Overflow Vulnerability

CVE ID : CVE-2025-5794
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5795 - Tenda AC5 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5795
Published : June 6, 2025, 7:15 p.m. | 1 day, 3 hours ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5474 - 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-5474
Published : June 6, 2025, 7:15 p.m. | 23 hours, 18 minutes ago
Description : 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required. The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-3485 - Allegra ExtractFileFromZip Directory Traversal Remote Code Execution Vulnerability

CVE ID : CVE-2025-3485
Published : June 6, 2025, 7:15 p.m. | 22 hours, 44 minutes ago
Description : Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5473 - GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5473
Published : June 6, 2025, 7:15 p.m. | 22 hours, 44 minutes ago
Description : GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-2766 - 70mai A510 Default Password Authentication Bypass

CVE ID : CVE-2025-2766
Published : June 6, 2025, 7:15 p.m. | 20 hours, 44 minutes ago
Description : 70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default configuration of user accounts. The configuration contains default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. Was ZDI-CAN-24996.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 19:15:00 GMT

read more

CVE-2025-5790 - TOTOLINK X15 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5790
Published : June 6, 2025, 6:15 p.m. | 19 hours, 32 minutes ago
Description : A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5792 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5792
Published : June 6, 2025, 6:15 p.m. | 19 hours, 32 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5793 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5793
Published : June 6, 2025, 6:15 p.m. | 19 hours, 32 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-47950 - CoreDNS QUIC Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-47950
Published : June 6, 2025, 6:15 p.m. | 17 hours, 44 minutes ago
Description : CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash — especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency. Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-49011 - SpiceDB Denial of Authorization Vulnerability

CVE ID : CVE-2025-49011
Published : June 6, 2025, 6:15 p.m. | 17 hours, 44 minutes ago
Description : SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow’ed relation.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5789 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5789
Published : June 6, 2025, 6:15 p.m. | 17 hours, 44 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 18:15:00 GMT

read more

CVE-2025-5788 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5788
Published : June 6, 2025, 5:15 p.m. | 18 hours, 44 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-5787 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5787
Published : June 6, 2025, 5:15 p.m. | 15 hours, 39 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-5786 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5786
Published : June 6, 2025, 5:15 p.m. | 14 hours, 44 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-49599 - Huawei EG8141A5 EG8145V5 EG8145V5-V2 Firewall Bypass Vulnerability

CVE ID : CVE-2025-49599
Published : June 6, 2025, 5:15 p.m. | 11 hours, 15 minutes ago
Description : Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 17:15:00 GMT

read more

CVE-2025-5785 - Totolink X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5785
Published : June 6, 2025, 4:15 p.m. | 12 hours, 15 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5784 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5784
Published : June 6, 2025, 4:15 p.m. | 6 hours, 14 minutes ago
Description : A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5783 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5783
Published : June 6, 2025, 4:15 p.m. | 4 hours, 39 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. This affects an unknown part of the file /editmyexp.php. The manipulation of the argument emp3workduration leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5750 - WOLFBOX Level 2 EV Charger TuyaSvcDevosActivateResultParse Heap Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5750
Published : June 6, 2025, 4:15 p.m. | 3 hours, 36 minutes ago
Description : WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5751 - WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass

CVE ID : CVE-2025-5751
Published : June 6, 2025, 4:15 p.m. | 3 hours, 36 minutes ago
Description : WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of management cards. The issue results from the lack of personalization of management cards. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26292.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29883 - ASUSTek File Station SSL/TLS Certificate Validation Vulnerability

CVE ID : CVE-2025-29883
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29884 - ASUSTek File Station Certificate Validation Vulnerability

CVE ID : CVE-2025-29884
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29885 - ASUSTek File Station Certificate Validation Bypass

CVE ID : CVE-2025-29885
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29892 - Qsync Central SQL Injection

CVE ID : CVE-2025-29892
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-30279 - ASUSTek File Station Certificate Validation Weakness

CVE ID : CVE-2025-30279
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-33031 - ASUSTek File Station Certificate Validation Bypass

CVE ID : CVE-2025-33031
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-33035 - ASUSTek File Station Path Traversal Vulnerability

CVE ID : CVE-2025-33035
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5747 - WOLFBOX Level 2 EV Charger Remote Code Execution Vulnerability

CVE ID : CVE-2025-5747
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5748 - WOLFBOX Level 2 EV Charger Remote Code Execution Vulnerability

CVE ID : CVE-2025-5748
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tuya communications module software. The issue results from the exposure of a method allowing the upload of crafted software images to the module. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26349.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-5749 - WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass

CVE ID : CVE-2025-5749
Published : June 6, 2025, 4:15 p.m. | 2 hours, 39 minutes ago
Description : WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of cryptographic keys used in vendor-specific encrypted communications. The issue results from the lack of proper initialization of a variable prior to accessing it. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26295.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22490 - ASUSTek File Station NULL Pointer Dereference Denial-of-Service

CVE ID : CVE-2025-22490
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29871 - Aspera File Station OOB Read Vulnerability

CVE ID : CVE-2025-29871
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29872 - File Station 5 Resource Denial of Service Vulnerability

CVE ID : CVE-2025-29872
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29873 - Asus File Station NULL Pointer Dereference Denial of Service

CVE ID : CVE-2025-29873
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29876 - Aspera File Station NULL Pointer Dereference Denial-of-Service Vulnerability

CVE ID : CVE-2025-29876
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-29877 - ASUSTek File Station NULL Pointer Dereference Denial of Service

CVE ID : CVE-2025-29877
Published : June 6, 2025, 4:15 p.m. | 2 hours, 14 minutes ago
Description : A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22481 - QNAP QTS/QuTS Hero Command Injection Vulnerability

CVE ID : CVE-2025-22481
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22482 - Qsync Central Format String Vulnerability

CVE ID : CVE-2025-22482
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22484 - ASUSTek File Station Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-22484
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-22486 - Asus File Station SSL/TLS Certificate Validation Vulnerability

CVE ID : CVE-2025-22486
Published : June 6, 2025, 4:15 p.m. | 54 minutes ago
Description : An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 16:15:00 GMT

read more

CVE-2025-27531 - Apache InLong Deserialization of Untrusted Data Remote File Read Vulnerability

CVE ID : CVE-2025-27531
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache InLong.  This issue affects Apache InLong: from 1.13.0 before 2.1.0, this issue would allow an authenticated attacker to read arbitrary files by double writing the param. Users are recommended to upgrade to version 2.1.0, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-41646 - Apache Software Type Confusion Authentication Bypass

CVE ID : CVE-2025-41646
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : An unauthorized remote attacker can bypass the authentication of the affected software package by misusing an incorrect type conversion. This leads to full compromise of the device
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-5779 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5779
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability has been found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /birthing.php. The manipulation of the argument itr_no/comp_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-5780 - Code-projects Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5780
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-5782 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5782
Published : June 6, 2025, 3:15 p.m. | 1 hour, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Employee Record Management System 1.3. Affected by this issue is some unknown functionality of the file /resetpassword.php. The manipulation of the argument newpassword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 15:15:00 GMT

read more

CVE-2025-0620 - Samba Group Membership Change Delayed Authentication Vulnerability

CVE ID : CVE-2025-0620
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-38001 - Linux Kernel Netem HFSC Double Insertion Uninitialized Use After Free

CVE ID : CVE-2025-38001
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still occur when HFSC is utilized with NETEM. The patch only checks the cl->cl_nactive field to determine whether it is the first insertion or not [2], but this field is only incremented by init_vf [3]. By using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the check and insert the class twice in the eltree. Under normal conditions, this would lead to an infinite loop in hfsc_dequeue for the reasons we already explained in this report [5]. However, if TBF is added as root qdisc and it is configured with a very low rate, it can be utilized to prevent packets from being dequeued. This behavior can be exploited to perform subsequent insertions in the HFSC eltree and cause a UAF." To fix both the UAF and the infinite loop, with netem as an hfsc child, check explicitly in hfsc_enqueue whether the class is already in the eltree whenever the HFSC_RSC flag is set. [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547 [2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572 [3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677 [4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574 [5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-38002 - Linux Kernel io_uring fdinfo Lock Bypass Vulnerability

CVE ID : CVE-2025-38002
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing in a ->uring_lock trylock, and just return with no output if we fail to grab it. The existing trylock() will already have greatly diminished utility/output for the failure case. This fixes an issue with reading the SQE fields, if the ring is being actively resized at the same time.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-5778 - "ABC Courier Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5778
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-5791 - Rust Crate Root Group Privilege Escalation

CVE ID : CVE-2025-5791
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-5806 - Jenkins Gatling Plugin Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5806
Published : June 6, 2025, 2:15 p.m. | 2 hours, 13 minutes ago
Description : Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 14:15:00 GMT

read more

CVE-2025-49450 - mhallmann SEPA Girocode Cross-site Scripting

CVE ID : CVE-2025-49450
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mhallmann SEPA Girocode allows Stored XSS. This issue affects SEPA Girocode: from n/a through 0.5.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-49453 - Jatinder Pal Singh BP Profile CSRF Stored XSS

CVE ID : CVE-2025-49453
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage allows Stored XSS. This issue affects BP Profile as Homepage: from n/a through 1.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-5764 - Code-projects Laundry System Cross Site Scripting (XSS)

CVE ID : CVE-2025-5764
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /data/insert_laundry.php. The manipulation of the argument Customer leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-5765 - Code-projects Laundry System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5765
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Laundry System 1.0. It has been classified as problematic. This affects an unknown part of the file /data/edit_laundry.php. The manipulation of the argument Customer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-5766 - Code-projects Laundry System Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5766
Published : June 6, 2025, 1:16 p.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Laundry System 1.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:16:00 GMT

read more

CVE-2025-49435 - Hasina77 Wp Easy Allopass CSRF Vulnerability

CVE ID : CVE-2025-49435
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49439 - Mariusz88AtelierWeb Atelier Create CV CSRF Vulnerability

CVE ID : CVE-2025-49439
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49440 - Vuong Nguyen WP Security Master CSRF Vulnerability

CVE ID : CVE-2025-49440
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master allows Cross Site Request Forgery. This issue affects WP Security Master: from n/a through 1.0.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49441 - WordPress Map Plugins Interactive Regional Map of Florida Authorization Bypass

CVE ID : CVE-2025-49441
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Missing Authorization vulnerability in WP Map Plugins Interactive Regional Map of Florida allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Regional Map of Florida: from n/a through 1.0.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49442 - Mostafa Shahiri Simple Nested Menu Cross-Site Scripting

CVE ID : CVE-2025-49442
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mostafa Shahiri Simple Nested Menu allows Stored XSS. This issue affects Simple Nested Menu: from n/a through 1.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49443 - Chris McCoy Bacon Ipsum Cross-site Scripting Vulnerability

CVE ID : CVE-2025-49443
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris McCoy Bacon Ipsum allows Stored XSS. This issue affects Bacon Ipsum: from n/a through 2.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49445 - WP Map Plugins Interactive UK Regional Map CSRF Vulnerability

CVE ID : CVE-2025-49445
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49446 - Minhlaobao Admin Notes CSRF Vulnerability

CVE ID : CVE-2025-49446
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in minhlaobao Admin Notes allows Cross Site Request Forgery. This issue affects Admin Notes: from n/a through 1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49449 - WP Map Plugins Interactive Regional Map of Africa CSRF Vulnerability

CVE ID : CVE-2025-49449
Published : June 6, 2025, 1:15 p.m. | 3 hours, 13 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa allows Cross Site Request Forgery. This issue affects Interactive Regional Map of Africa: from n/a through 1.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49419 - Foxit eSign for WordPress: Sensitive Data Exposure

CVE ID : CVE-2025-49419
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in esigngenie Foxit eSign for WordPress allows Retrieve Embedded Sensitive Data. This issue affects Foxit eSign for WordPress: from n/a through 2.0.3.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49421 - Andrei Filonov WP Text Expander SQL Injection

CVE ID : CVE-2025-49421
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49425 - Konami Easter Egg CSRF Stored XSS

CVE ID : CVE-2025-49425
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49427 - Abbie Expander Cross-site Scripting

CVE ID : CVE-2025-49427
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Abbie Expander allows Stored XSS. This issue affects Abbie Expander: from n/a through 1.0.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49429 - Ryan Burnette Video Embeds Cross-site Scripting

CVE ID : CVE-2025-49429
Published : June 6, 2025, 1:15 p.m. | 1 hour, 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Burnette Video Embeds allows Stored XSS. This issue affects Video Embeds: from n/a through 0.1.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49326 - GamiPress SQL Injection

CVE ID : CVE-2025-49326
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia GamiPress allows SQL Injection. This issue affects GamiPress: from n/a through 7.4.5.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49327 - Ruben Garcia ShortLinks Pro SQL Injection

CVE ID : CVE-2025-49327
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia ShortLinks Pro allows SQL Injection. This issue affects ShortLinks Pro: from n/a through 1.0.7.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49328 - Agile Logix Store Locator WordPress SQL Injection

CVE ID : CVE-2025-49328
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49329 - Agile Logix Store Locator WordPress Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-49329
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49332 - Codepeople WP Time Slots Booking Form CSRF Vulnerability

CVE ID : CVE-2025-49332
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-49333 - WordPress Simple Membership Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-49333
Published : June 6, 2025, 1:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wp.insider Simple Membership allows Stored XSS. This issue affects Simple Membership: from n/a through 4.6.3.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 13:15:00 GMT

read more

CVE-2025-41360 - Cisco IDF Denial of Service Vulnerability

CVE ID : CVE-2025-41360
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The device is vulnerable to a packet flooding denial of service attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41361 - Juniper Networks ProCOME TLS Denial of Service (DoS)

CVE ID : CVE-2025-41361
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Uncontrolled resource consumption vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The devices improperly handle TLS requests associated with PROCOME sockets, so TLS requests sent to those PROCOME ports could cause the device to reboot and result in a denial of service. To exploit this vulnerability, PROCOME ports must be configured and active, with communications encryption active.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41362 - IDF/ ZLF Browser Code Injection Vulnerability

CVE ID : CVE-2025-41362
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41363 - "ZLF IDF CORS Authentication Bypass"

CVE ID : CVE-2025-41363
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41364 - Microsoft IDF Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-41364
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed with view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41365 - IDF/ZLF Code Injection Vulnerability

CVE ID : CVE-2025-41365
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41366 - Cisco IDF ZLF CORS Configuration Error Vulnerability

CVE ID : CVE-2025-41366
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-41367 - "IDF and ZLF Stored XSS"

CVE ID : CVE-2025-41367
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-47584 - ThemeGoods Photography Deserialization of Untrusted Data Vulnerability

CVE ID : CVE-2025-47584
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-47586 - StylemixThemes Motors - Events PHP RFI Vulnerability

CVE ID : CVE-2025-47586
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Motors - Events allows PHP Local File Inclusion.This issue affects Motors - Events: from n/a through 1.4.7.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48328 - Daman Jeet Real Time Validation for Gravity Forms CSRF Vulnerability

CVE ID : CVE-2025-48328
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48329 - Daman Jeet Real Time Validation for Gravity Forms Cross-site Scripting

CVE ID : CVE-2025-48329
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Reflected XSS.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48335 - CyberChimps Responsive Plus Missing Authorization Vulnerability

CVE ID : CVE-2025-48335
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Missing Authorization vulnerability in CyberChimps Responsive Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Plus: from n/a through 3.2.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48337 - QuickcabWP QuickCab Missing Authorization Vulnerability

CVE ID : CVE-2025-48337
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Missing Authorization vulnerability in QuickcabWP QuickCab.This issue affects QuickCab: from n/a through 1.3.3.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49067 - NasaTheme NASA Core Stored Cross-Site Scripting

CVE ID : CVE-2025-49067
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Stored XSS.This issue affects Nasa Core: from n/a before 6.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49068 - OceanWP Ocean Extra Cross-site Scripting (XSS)

CVE ID : CVE-2025-49068
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Extra allows Stored XSS.This issue affects Ocean Extra: from n/a through 2.4.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49074 - ThemesGrove WidgetKit Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-49074
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49075 - PickPlugins Wishlist Stored Cross-site Scripting Vulnerability

CVE ID : CVE-2025-49075
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49076 - Elementor Page Builder Lite Stored Cross-Site Scripting (XSS) in POSIMYTH Innovations

CVE ID : CVE-2025-49076
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-49077 - ThemeHigh Dynamic Pricing and Discount Rules CSRF Vulnerability

CVE ID : CVE-2025-49077
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5239 - WordPress Domain For Sale Stored Cross-Site Scripting

CVE ID : CVE-2025-5239
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5760 - WordPress Simple History Plugin Password Exposure RCE

CVE ID : CVE-2025-5760
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5761 - PHPGurukul BP Monitoring Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5761
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5762 - Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5762
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file view_hematology.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-5763 - Tenda CP3 Command Injection Vulnerability

CVE ID : CVE-2025-5763
Published : June 6, 2025, 12:15 p.m. | 54 minutes ago
Description : A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 12:15:00 GMT

read more

CVE-2025-48780 - Soar Cloud HRD Deserialization Command Execution Vulnerability

CVE ID : CVE-2025-48780
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48781 - Soar Cloud HRD Human Resource Management System File Path Traversal Vulnerability

CVE ID : CVE-2025-48781
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48782 - Soar Cloud HRD File Upload Command Execution Vulnerability

CVE ID : CVE-2025-48782
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48783 - Soar Cloud HRD Human Resource Management System File Path Traversal Vulnerability

CVE ID : CVE-2025-48783
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-48784 - Soar Cloud HRD Human Resource Management System Authorization Bypass

CVE ID : CVE-2025-48784
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-5192 - Soar Cloud HRD Missing Authentication Bypass Vulnerability

CVE ID : CVE-2025-5192
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-5755 - SourceCodester Open Source Clinic Management System SQL Injection

CVE ID : CVE-2025-5755
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-5756 - Code-projects Real Estate Property Management System SQL Injection

CVE ID : CVE-2025-5756
Published : June 6, 2025, 10:15 a.m. | 54 minutes ago
Description : A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/EditCity.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 10:15:00 GMT

read more

CVE-2025-3322 - Apache Server Code Injection Vulnerability

CVE ID : CVE-2025-3322
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-3365 - Apache File Path Traversal Vulnerability

CVE ID : CVE-2025-3365
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A missing protection against path traversal allows to access any file on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-5737 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5737
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-5738 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5738
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-5739 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5739
Published : June 6, 2025, 9:15 a.m. | 1 hour, 54 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 09:15:00 GMT

read more

CVE-2025-3321 - Apache Server Unauthenticated Local Privilege Escalation Vulnerability

CVE ID : CVE-2025-3321
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5732 - Traffic Offense Reporting System Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5732
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5734 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5734
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5735 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5735
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

CVE-2025-5736 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-5736
Published : June 6, 2025, 8:15 a.m. | 2 hours, 54 minutes ago
Description : A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 08:15:00 GMT

read more

Retrouvez l’ANSSI lors de VivaTechnology 2025 !

Retrouvez l’ANSSI lors de VivaTechnology 2025 !

anssiadm
Du 11 au 14 juin retrouvez l’ANSSI sur le pavillon numérique de l’État, lors de l’édition 2025 de VivaTechnology, le salon annuel des acteurs de l’innovation technologique.

Rendez-vous sur le pavillon numérique de l’État

Présents pour la première fois à VivaTechnology, les agents de l’ANSSI seront disponibles au sein du pavillon numérique de l’État, pour répondre à toutes vos questions.

Situé en n°H58, ce stand sera l’occasion pour l’Agence, aux côtés de la Direction interministérielle du numérique, la direction de la Transformation numérique du ministère de l’Intérieur, les directions du numérique du ministère de l’Économie, des Finances et de la Souveraineté industrielle et numérique, la direction numérique des ministères de l’Aménagement du territoire et de la Transition écologique, la direction numérique du ministère de l’Agriculture et de la souveraineté alimentaire, l’Institut national de l’information géographique et forestière, de mettre en avant six grandes thématiques pour cette édition 2025 :

  • Identité numérique
  • IA : Stratégie IA de l'Etat et initiatives produits IA de l'Etat
  • Des outils numériques souverains
  • Startups d'Etat concevoir des services numériques agiles et à impact
  • Transformation numérique des territoires
  • Stratégie Cloud de l'Etat
  • Cybersécurité

Découvrez la programmation détaillée

Pendant les 4 jours du salon, nos experts animeront différentes sessions sur des thématiques essentiels pour l’Agence, qui ont un impact significatif sur l’écosystème cyber français.

État des lieux de l’identité numérique en Europe

  • Jeudi 12 juin 2025 - 10h00
  • Samedi 14 juin 2025 – 14h00

Cybersécurité de l’IA

  • Mercredi 11 juin 2025 - 10h30
  • Jeudi 12 juin 2025 - 10h30
  • Vendredi 13 juin 2025 - 10h30 et 16h00
  • Samedi 14 juin - 10h30

La suite Cyber : l’offre de service numérique cyber souverain

  • Jeudi 12 juin 2025 - 14h00

SecNumCloud, un référentiel d’exigences pour des offres de services cloud

  • Mercredi 11 juin 2025 - 15h30
  • Jeudi 12 juin 2025 - 15h30
  • Vendredi 13 juin 2025 - 15h30

Directives NIS 2 – Focus sur les acteurs du numérique

  • Mercredi 11 juin - 16h00

Fri, 06 Jun 2025 07:25:00 GMT

read more

CVE-2025-5586 - WordPress Ajax Load More and Infinite Scroll Stored Cross-Site Scripting

CVE ID : CVE-2025-5586
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The WordPress Ajax Load More and Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5686 - WordPress Paged Gallery Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5686
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5699 - WordPress Developer Formatter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5699
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5703 - "WordPress StageShow Stored Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-5703
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5727 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5727
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : A vulnerability classified as problematic has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/announcement of the component Announcement Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5728 - SourceCodester Open Source Clinic Management System Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-5728
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5729 - Code-projects Health Center Patient Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5729
Published : June 6, 2025, 7:15 a.m. | 3 hours, 54 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5486 - WordPress WP Email Debug Privilege Escalation

CVE ID : CVE-2025-5486
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The WP Email Debug plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the WPMDBUG_handle_settings() function in versions 1.0 to 1.1.0. This makes it possible for unauthenticated attackers to enable debugging and send all emails to an attacker controlled address and then trigger a password reset for an administrator to gain access to an administrator account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5533 - WordPress Knowledge Base Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5533
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Knowledge Base plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kbalert' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5534 - "ESV Bible Shortcode for WordPress Stored Cross-Site Scripting"

CVE ID : CVE-2025-5534
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'esv' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5536 - Freemind Viewer Stored Cross-Site Scripting

CVE ID : CVE-2025-5536
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Freemind Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'freemind' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5538 - WordPress BNS Featured Category Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5538
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The BNS Featured Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bnsfc' shortcode in all versions up to, and including, 2.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5541 - WordPress Runners Log Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5541
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Runners Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5563 - WordPress WP-Addpub SQL Injection Vulnerability

CVE ID : CVE-2025-5563
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5565 - WordPress Hide It Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5565
Published : June 6, 2025, 7:15 a.m. | 3 hours, 13 minutes ago
Description : The Hide It plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hideit' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48911 - Citrix ShareFile Permission Vulnerability

CVE ID : CVE-2025-48911
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-4964 - WordPress WP Online Users Stats SQL Injection

CVE ID : CVE-2025-4964
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Editor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-4966 - WordPress WP Online Users Stats CSRF

CVE ID : CVE-2025-4966
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5018 - WordPress Hive Support Plugin Unauthenticated Data Manipulation Vulnerability

CVE ID : CVE-2025-5018
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The Hive Support plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the hs_update_ai_chat_settings() and hive_lite_support_get_all_binbox() functions in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read and overwrite the site’s OpenAI API key and inspection data or modify AI-chat prompts and behavior. This vulnerability is potentially a duplicate of CVE-2025-32208 or/and CVE-2025-32242.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-5019 - Hive Support WordPress Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-5019
Published : June 6, 2025, 7:15 a.m. | 1 hour, 39 minutes ago
Description : The Hive Support | AI-Powered Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the hs_update_ai_chat_settings() function. This makes it possible for unauthenticated attackers to reconfigure the plugin’s AI/chat settings (including API keys) and to potentially redirect notifications or leak data to attacker-controlled endpoints via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48906 - DSoftBus Authentication Bypass Vulnerability

CVE ID : CVE-2025-48906
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48907 - Apache IPC Deserialization Vulnerability

CVE ID : CVE-2025-48907
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48908 - "Ability Auto Startup Service Vulnerability in Foundation Process"

CVE ID : CVE-2025-48908
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48909 - Cisco ASA Authentication Bypass Vulnerability

CVE ID : CVE-2025-48909
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2025-48910 - Apache DFile Buffer Overflow Vulnerability

CVE ID : CVE-2025-48910
Published : June 6, 2025, 7:15 a.m. | 30 minutes ago
Description : Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 07:15:00 GMT

read more

CVE-2023-2921 - WordPress Short URL SQL Injection Vulnerability

CVE ID : CVE-2023-2921
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-1777 - WordPress BM Content Builder Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-1777
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : The BM Content Builder plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'ux_cb_page_options_save' function in all versions up to, and including, 3.16.2.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-1778 - "WordPress Art Theme Unauthorized Theme Option Deletion Vulnerability"

CVE ID : CVE-2025-1778
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : The Art Theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'arttheme_theme_option_restore' AJAX function in all versions up to, and including, 3.12.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the theme option.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-5724 - SourceCodester Student Result Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-5724
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /script/academic/subjects of the component Subjects Page. The manipulation of the argument Subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-5725 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5725
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/academic/grading-system of the component Grading System Page. The manipulation of the argument Remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-5726 - SourceCodester Student Result Management System Cross-Site Scripting (XSS)

CVE ID : CVE-2025-5726
Published : June 6, 2025, 6:15 a.m. | 38 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /script/academic/division-system of the component Division System Page. The manipulation of the argument Division leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 06:15:00 GMT

read more

CVE-2025-36513 - i-PRO Co., Ltd. Surveillance Cameras CSRF Vulnerability

CVE ID : CVE-2025-36513
Published : June 6, 2025, 5:15 a.m. | 1 hour, 13 minutes ago
Description : Cross-site request forgery vulnerability exists in surveillance cameras provided by i-PRO Co., Ltd.. If a user views a crafted page while logged in to the affected product, unintended operations may be performed.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 05:15:00 GMT

read more

CVE-2025-5722 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5722
Published : June 6, 2025, 5:15 a.m. | 1 hour, 13 minutes ago
Description : A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /script/academic/terms of the component Add Academic Term. The manipulation of the argument Academic Term leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 05:15:00 GMT

read more

CVE-2025-5723 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5723
Published : June 6, 2025, 5:15 a.m. | 1 hour, 13 minutes ago
Description : A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 05:15:00 GMT

read more

CVE-2025-5721 - SourceCodester Student Result Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5721
Published : June 6, 2025, 4:16 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /script/academic/core/update_profile of the component Profile Setting Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:16:00 GMT

read more

CVE-2025-5733 - WordPress Modern Events Calendar Lite Full Path Disclosure

CVE ID : CVE-2025-5733
Published : June 6, 2025, 4:16 a.m. | 2 hours, 12 minutes ago
Description : The Modern Events Calendar Lite plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 7.21.9. This is due improper or insufficient validation of the id property when exporting calendars. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:16:00 GMT

read more

CVE-2024-46941 - Samsung SystemUI Information Disclosure Vulnerability

CVE ID : CVE-2024-46941
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : SystemUI has an incorrect component protection setting, which allows access to specific information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5714 - SoluçõesCoop iSoluçõesWEB Profile Information Update Path Traversal Vulnerability

CVE ID : CVE-2025-5714
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250516. It has been classified as problematic. This affects an unknown part of the file /sys/up.upload.php of the component Profile Information Update. The manipulation of the argument nomeArquivo leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5715 - Signal App Android Biometric Authentication Handler Authentication Bypass Vulnerability

CVE ID : CVE-2025-5715
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5716 - SourceCodester Open Source Clinic Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5716
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5719 - PayPal Authentication Bypass

CVE ID : CVE-2025-5719
Published : June 6, 2025, 4:15 a.m. | 2 hours, 13 minutes ago
Description : The wallet has an authentication bypass vulnerability that allows access to specific pages.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 04:15:00 GMT

read more

CVE-2025-5711 - Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5711
Published : June 6, 2025, 3:15 a.m. | 3 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/InsertCity.php. The manipulation of the argument cmbState leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 03:15:00 GMT

read more

CVE-2025-5712 - SourceCodester Open Source Clinic Management System SQL Injection

CVE ID : CVE-2025-5712
Published : June 6, 2025, 3:15 a.m. | 3 hours, 13 minutes ago
Description : A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /appointment.php. The manipulation of the argument patient leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 03:15:00 GMT

read more

CVE-2025-5713 - SoluçõesCoop iSoluçõesWEB Flow Handler Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5713
Published : June 6, 2025, 3:15 a.m. | 3 hours, 13 minutes ago
Description : A vulnerability was found in SoluçõesCoop iSoluçõesWEB up to 20250519 and classified as problematic. Affected by this issue is some unknown functionality of the file /fluxos-dashboard of the component Flow Handler. The manipulation of the argument Descrição da solicitação leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 03:15:00 GMT

read more

CVE-2024-22330 - IBM Security Verify Governance Weak Password Enforcement Vulnerability

CVE ID : CVE-2024-22330
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : IBM Security Verify Governance 10.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2024-56342 - IBM Verify Identity Access Digital Credentials Information Disclosure

CVE ID : CVE-2024-56342
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : IBM Verify Identity Access Digital Credentials 24.06 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2024-56343 - IBM Verify Identity Access Digital Credentials Denial of Service

CVE ID : CVE-2024-56343
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2025-5709 - Code-projects Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5709
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. This vulnerability affects unknown code of the file /Admin/InsertCategory.php. The manipulation of the argument txtCategoryName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2025-5710 - "Code-projects Real Estate Property Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5710
Published : June 6, 2025, 2:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/InsertState.php. The manipulation of the argument txtStateName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 02:15:00 GMT

read more

CVE-2025-5706 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5706
Published : June 6, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /new-user-testing.php. The manipulation of the argument state leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 01:15:00 GMT

read more

CVE-2025-5707 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection

CVE ID : CVE-2025-5707
Published : June 6, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 01:15:00 GMT

read more

CVE-2025-5708 - Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5708
Published : June 6, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /Admin/NewsReport.php. The manipulation of the argument txtFrom leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 01:15:00 GMT

read more

CVE-2025-5705 - Code-Projects Real Estate Property Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5705
Published : June 6, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The manipulation of the argument cmbCat leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 06 Jun 2025 00:15:00 GMT

read more

CVE-2025-49012 - Microsoft Azure Entra ID Intune Himmelblau Privilege Escalation Vulnerability

CVE ID : CVE-2025-49012
Published : June 5, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API—even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 23:15:00 GMT

read more

CVE-2025-5704 - "Code-projects Real Estate Property Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5704
Published : June 5, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in code-projects Real Estate Property Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/User.php. The manipulation of the argument txtUserName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 23:15:00 GMT

read more

CVE-2025-5698 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-5698
Published : June 5, 2025, 10:15 p.m. | 8 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /sysframework/logSelect.htm. The manipulation of the argument nodename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 22:15:00 GMT

read more

CVE-2025-5696 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-5696
Published : June 5, 2025, 10:15 p.m. | 6 hours, 54 minutes ago
Description : A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 22:15:00 GMT

read more

CVE-2025-5697 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-5697
Published : June 5, 2025, 10:15 p.m. | 6 hours, 54 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument custTradeId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 22:15:00 GMT

read more

CVE-2025-5695 - FLIR AX8 Command Injection Vulnerability

CVE ID : CVE-2025-5695
Published : June 5, 2025, 9:15 p.m. | 7 hours, 54 minutes ago
Description : A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-47966 - Power Automate Privilege Escalation Information Exposure

CVE ID : CVE-2025-47966
Published : June 5, 2025, 9:15 p.m. | 6 hours, 29 minutes ago
Description : Exposure of sensitive information to an unauthorized actor in Power Automate allows an unauthorized attacker to elevate privileges over a network.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-48133 - Uncanny Owl Uncanny Automator Missing Authorization Vulnerability

CVE ID : CVE-2025-48133
Published : June 5, 2025, 9:15 p.m. | 6 hours, 29 minutes ago
Description : Missing Authorization vulnerability in Uncanny Owl Uncanny Automator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Automator: from n/a through 6.4.0.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-5694 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5694
Published : June 5, 2025, 9:15 p.m. | 6 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 21:15:00 GMT

read more

CVE-2025-5680 - Shenzhen Dashi Tongzhou Information Technology AgileBPM Groovy Script Handler Remote Deserialization Vulnerability

CVE ID : CVE-2025-5680
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5685 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5685
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5693 - PHPGurukul Human Metapneumovirus Testing Management System SQL Injection

CVE ID : CVE-2025-5693
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5745 - IBM Power10 GNU C Library Unpredictable String Comparison Vulnerability

CVE ID : CVE-2025-5745
Published : June 5, 2025, 8:15 p.m. | 7 hours, 29 minutes ago
Description : The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-43026 - HP Support Assistant Privilege Escalation Vulnerability

CVE ID : CVE-2025-43026
Published : June 5, 2025, 8:15 p.m. | 6 hours, 38 minutes ago
Description : A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 20:15:00 GMT

read more

CVE-2025-5679 - Shenzhen Dashi Tongzhou Information Technology AgileBPM Deserialization Remote Code Execution Vulnerability

CVE ID : CVE-2025-5679
Published : June 5, 2025, 7:15 p.m. | 7 hours, 38 minutes ago
Description : A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5702 - IBM Power10 GNU C Library Uninitialized Register Use

CVE ID : CVE-2025-5702
Published : June 5, 2025, 7:15 p.m. | 7 hours, 38 minutes ago
Description : The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5674 - "Code-Projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5674
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5675 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5675
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5676 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-5676
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-5677 - Campcodes Online Recruitment Management System SQL Injection

CVE ID : CVE-2025-5677
Published : June 5, 2025, 7:15 p.m. | 4 hours, 18 minutes ago
Description : A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 19:15:00 GMT

read more

CVE-2025-46257 - BdThemes Element Pack Pro CSRF Vulnerability

CVE ID : CVE-2025-46257
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-46258 - BdThemes Element Pack Pro Missing Authorization Vulnerability

CVE ID : CVE-2025-46258
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : Missing Authorization vulnerability in BdThemes Element Pack Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Element Pack Pro: from n/a before 8.0.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5671 - TOTOLINK N302R Plus HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5671
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK N302R Plus up to 3.4.0-B20201028. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5672 - TOTOLINK N302R Plus HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5672
Published : June 5, 2025, 6:15 p.m. | 5 hours, 18 minutes ago
Description : A vulnerability has been found in TOTOLINK N302R Plus up to 3.4.0-B20201028 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 18:15:00 GMT

read more

CVE-2025-5670 - PHPGurukul Medical Card Generation System SQL Injection

CVE ID : CVE-2025-5670
Published : June 5, 2025, 5:15 p.m. | 6 hours, 18 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-48493 - "Redis AUTH Credentials Exposed in Yii Logs"

CVE ID : CVE-2025-48493
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : The Yii 2 Redis extension provides the redis key-value store support for the Yii framework 2.0. On failing connection, the extension writes commands sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text exposing username and password. That might be an issue if attacker has access to logs. Version 2.0.20 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-49009 - Facebook Para Facebook Auth Token Information Disclosure

CVE ID : CVE-2025-49009
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 in `FacebookAuthFilter.java` results in a full request URL being logged during a failed request to a Facebook user profile. The log includes the user's access token in plain text. Since WARN-level logs are often retained in production and accessible to operators or log aggregation systems, this poses a risk of token exposure. Version 1.50.8 fixes the issue.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5668 - PHPGurukul Medical Card Generation System SQL Injection Vulnerability

CVE ID : CVE-2025-5668
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5669 - PHPGurukul Medical Card Generation System SQL Injection

CVE ID : CVE-2025-5669
Published : June 5, 2025, 5:15 p.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Medical Card Generation System 1.0. This vulnerability affects unknown code of the file /admin/unreadenq.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 17:15:00 GMT

read more

CVE-2025-5667 - FreeFloat FTP Server REIN Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5667
Published : June 5, 2025, 4:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component REIN Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 16:15:00 GMT

read more

CVE-2025-5666 - FreeFloat FTP Server XMKD Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5666
Published : June 5, 2025, 4:15 p.m. | 4 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component XMKD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 16:15:00 GMT

read more

CVE-2025-5664 - FreeFloat FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5664
Published : June 5, 2025, 3:15 p.m. | 5 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component RESTART Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 15:15:00 GMT

read more

CVE-2025-5665 - FreeFloat FTP Server XCWD Command Handler Buffer Overflow

CVE ID : CVE-2025-5665
Published : June 5, 2025, 3:15 p.m. | 5 hours, 53 minutes ago
Description : A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component XCWD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 15:15:00 GMT

read more

CVE-2025-5663 - PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5663
Published : June 5, 2025, 2:15 p.m. | 6 hours, 53 minutes ago
Description : A vulnerability has been found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-autoortaxi.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-30084 - Joomla RSMail! Stored XSS

CVE ID : CVE-2025-30084
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or other input points, which is subsequently executed in the browser of any user who clicks on the crafted text in the dashboard.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-3768 - Devolutions Server Tor Network Bypass Vulnerability

CVE ID : CVE-2025-3768
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-47827 - IGEL OS Boot Signature Verification Bypass

CVE ID : CVE-2025-47827
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5382 - Devolutions Server Access Control Bypass

CVE ID : CVE-2025-5382
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5661 - "Traffic Offense Reporting System XSS Vulnerability"

CVE ID : CVE-2025-5661
Published : June 5, 2025, 2:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-0691 - Devolutions Server Access Control Bypass

CVE ID : CVE-2025-0691
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27445 - RSFirewall Joomla Path Traversal Vulnerability

CVE ID : CVE-2025-27445
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27753 - Joomla RSMediaGallery SQL Injection

CVE ID : CVE-2025-27753
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-27754 - Joomla RSBlog! Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-27754
Published : June 5, 2025, 2:15 p.m. | 3 hours, 29 minutes ago
Description : A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affected content.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 14:15:00 GMT

read more

CVE-2025-5658 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5658
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/updatecomplaint.php. The manipulation of the argument Status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5659 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5659
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Complaint Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /user/profile.php. The manipulation of the argument pincode leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5660 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5660
Published : June 5, 2025, 1:15 p.m. | 4 hours, 29 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 2.0. Affected by this issue is some unknown functionality of the file /user/register-complaint.php. The manipulation of the argument noc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 13:15:00 GMT

read more

CVE-2025-5656 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5656
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-category.php. The manipulation of the argument description leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5657 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5657
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5701 - HyperComments WordPress Privilege Escalation Vulnerability

CVE ID : CVE-2025-5701
Published : June 5, 2025, 12:15 p.m. | 5 hours, 29 minutes ago
Description : The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2011-10007 - Apache::FileFind::Rule Arbitrary Code Execution Vulnerability

CVE ID : CVE-2011-10007
Published : June 5, 2025, 12:15 p.m. | 5 hours, 13 minutes ago
Description : File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > "/tmp/poc/|id" $ perl -MFile::Find::Rule \     -E 'File::Find::Rule->grep("foo")->in("/tmp/poc")' uid=1000(user) gid=1000(user) groups=1000(user),100(users)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

CVE-2025-5341 - Forminator Forms Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-5341
Published : June 5, 2025, 12:15 p.m. | 5 hours, 13 minutes ago
Description : The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id' and 'data-size’ parameters in all versions up to, and including, 1.44.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 12:15:00 GMT

read more

Retour sur le webinaire « Comment se faire labelliser ExpertCyber ? »

Organisé le 3 juin 2025, le webinaire « Comment se faire labelliser ExpertCyber ? » avait pour objectif de présenter les enjeux et modalités de la labellisation ExpertCyber, destinée aux prestataires de services informatique justifiant d’une expertise en cybersécurité.

Thu, 05 Jun 2025 12:02:00 GMT

read more

CVE-2025-5653 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5653
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/between-date-userreport.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5654 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5654
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-state.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5655 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5655
Published : June 5, 2025, 11:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Complaint Management System 2.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument subcategory leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 11:15:00 GMT

read more

CVE-2025-5651 - "Traffic Offense Reporting System Cross-Site Scripting Vulnerability"

CVE ID : CVE-2025-5651
Published : June 5, 2025, 10:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5652 - PHPGurukul Complaint Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5652
Published : June 5, 2025, 10:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 2.0. Affected is an unknown function of the file /admin/between-date-complaintreport.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-4568 - Apache HTTP Server Blind SQL Injection

CVE ID : CVE-2025-4568
Published : June 5, 2025, 10:15 a.m. | 4 hours, 13 minutes ago
Description : Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5650 - 1000projects Online Notice Board SQL Injection Vulnerability

CVE ID : CVE-2025-5650
Published : June 5, 2025, 10:15 a.m. | 4 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 10:15:00 GMT

read more

CVE-2025-5647 - Radare2 Radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5647
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5648 - Radare2 Buffer Overflow in r_cons_pal_init

CVE ID : CVE-2025-5648
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

CVE-2025-5649 - SourceCodester Student Result Management System Remote Access Control Bypass

CVE ID : CVE-2025-5649
Published : June 5, 2025, 9:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 09:15:00 GMT

read more

Soldes drsquo;été : 7 conseils pour éviter les cyber-arnaques

Durant les périodes promotionnelles, Cybermalveillance.gouv.fr appelle à la plus grande vigilance et délivre 7 conseils pour éviter de se faire escroquer.

Thu, 05 Jun 2025 09:00:00 GMT

read more

Lettres drsquo;information

Actualités, contenus et ressources thématiques pour vous sensibiliser aux risques numériques et aux bonnes pratiques associées, informations sur les cybermenaces… Retrouvez dans cette section les lettres d’informations de Cybermalveillance.gouv.fr.

Thu, 05 Jun 2025 09:00:00 GMT

read more

CVE-2025-5645 - Radare2 r_cons_pal_init Memory Corruption Vulnerability

CVE ID : CVE-2025-5645
Published : June 5, 2025, 8:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5646 - "Radare2 Rainbow Free Memory Corruption Vulnerability"

CVE ID : CVE-2025-5646
Published : June 5, 2025, 8:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 08:15:00 GMT

read more

CVE-2025-5641 - "Radare2 Memory Corruption Vulnerability in r_cons_is_breaked Function"

CVE ID : CVE-2025-5641
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in Radare2 5.9.9. It has been rated as problematic. This issue affects the function r_cons_is_breaked in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5642 - Radare2 radiff2 Memory Corruption Vulnerability

CVE ID : CVE-2025-5642
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5643 - "Radare2 Local Memory Corruption Vulnerability"

CVE ID : CVE-2025-5643
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5644 - Radare2 Use After Free Vulnerability in r_cons_flush Function

CVE ID : CVE-2025-5644
Published : June 5, 2025, 7:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.
Severity: 2.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 07:15:00 GMT

read more

CVE-2025-5683 - Qt QImage ICNS Format Image File Buffer Overflow

CVE ID : CVE-2025-5683
Published : June 5, 2025, 6:15 a.m. | 8 hours, 13 minutes ago
Description : When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3055 - WordPress User Frontend Pro File Deletion Vulnerability

CVE ID : CVE-2025-3055
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5639 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5639
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-5640 - "PX4-Autopilot MavlinkReceiver Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5640
Published : June 5, 2025, 6:15 a.m. | 6 hours, 38 minutes ago
Description : A vulnerability was found in PX4-Autopilot 1.12.3. It has been classified as problematic. This affects the function MavlinkReceiver::handle_message_trajectory_representation_waypoints of the file mavlink_receiver.cpp of the component TRAJECTORY_REPRESENTATION_WAYPOINTS Message Handler. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-3054 - WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-3054
Published : June 5, 2025, 6:15 a.m. | 6 hours, 13 minutes ago
Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 06:15:00 GMT

read more

CVE-2025-1793 - AWS Run-llama SQL Injection Vulnerability

CVE ID : CVE-2025-1793
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5636 - PCMan FTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5636
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5637 - PCMan FTP Server SYSTEM Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5637
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component SYSTEM Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5638 - PHPGurukul Notice Board System SQL Injection Vulnerability

CVE ID : CVE-2025-5638
Published : June 5, 2025, 5:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 05:15:00 GMT

read more

CVE-2025-5633 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5633
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5634 - PCMan FTP Server NOOP Command Handler Buffer Overflow

CVE ID : CVE-2025-5634
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5635 - PCMan FTP Server PLS Command Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-5635
Published : June 5, 2025, 4:15 a.m. | 6 hours, 37 minutes ago
Description : A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5632 - Content-Management-System News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5632
Published : June 5, 2025, 4:15 a.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 04:15:00 GMT

read more

CVE-2025-5629 - Tenda AC10 HTTP Handler PPTP Server Buffer Overflow Vulnerability

CVE ID : CVE-2025-5629
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5630 - D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5630
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5631 - Content Management System and News-Buzz SQL Injection Vulnerability

CVE ID : CVE-2025-5631
Published : June 5, 2025, 3:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-48432 - Apache Django Log Injection Vulnerability

CVE ID : CVE-2025-48432
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : An issue was discovered in Django 5.2 before 5.2.2, 5.1 before 5.1.10, and 4.2 before 4.2.22. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-49466 - AERC Directory Traversal Vulnerability

CVE ID : CVE-2025-49466
Published : June 5, 2025, 3:15 a.m. | 5 hours, 53 minutes ago
Description : aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 03:15:00 GMT

read more

CVE-2025-5628 - SourceCodester Food Menu Manager Cross Site Scripting (XSS)

CVE ID : CVE-2025-5628
Published : June 5, 2025, 2:15 a.m. | 6 hours, 53 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 02:15:00 GMT

read more

CVE-2025-5626 - Campcodes Online Teacher Record Management System SQL Injection

CVE ID : CVE-2025-5626
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5627 - "Code-projects Patient Record Management System SQL Injection Vulnerability"

CVE ID : CVE-2025-5627
Published : June 5, 2025, 1:15 a.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-49008 - Atheos Command Injection Vulnerability

CVE ID : CVE-2025-49008
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheos administrators and users of vulnerable versions are at risk of data breaches or server compromise. Version 6.0.4 introduces a `Common::safe_execute` function that sanitizes all arguments using `escapeshellarg()` prior to execution and migrated all components potentially vulnerable to similar exploits to use this new templated execution system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5624 - "D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability"

CVE ID : CVE-2025-5624
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

CVE-2025-5625 - Campcodes Online Teacher Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5625
Published : June 5, 2025, 1:15 a.m. | 5 hours, 13 minutes ago
Description : A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 01:15:00 GMT

read more

Cybermois 2025

Le Mois européen de la cybersécurité est une initiative européenne (ENISA)
qui vise à sensibiliser aux cybermenaces et aux bons réflexes pour s’en protéger.
En France, il est piloté par Cybermalveillance.gouv.fr

Thu, 05 Jun 2025 01:11:00 GMT

read more

« Histoire de Cyber » : engagez-vous pour le Cybermois 2025

Et si vous deveniez acteur du Cybermois 2025 ? Nous vous invitons à vous engager et à prendre part à une action citoyenne en relayant la campagne de sensibilisation « Histoire de Cyber » tout au long du mois d’octobre. Rejoignez la mobilisation nationale : inscrivez-vous dès maintenant…

Thu, 05 Jun 2025 01:09:00 GMT

read more

Cybermois 2025 : kit de communication

Vous souhaitez communiquer sur le Cybermois 2025 auprès de vos publics, éditer les supports du Cybermois à vos couleurs ou réutiliser des contenus de sensibilisation ? Nous vous mettons à disposition différents outils incluant.

Thu, 05 Jun 2025 01:05:00 GMT

read more

CVE-2025-5620 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5620
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, was found in D-Link DIR-816 1.10CNB05. Affected is the function setipsec_config of the file /goform/setipsec_config. The manipulation of the argument localIP/remoteIP leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5621 - D-Link DIR-816 OS Command Injection Vulnerability

CVE ID : CVE-2025-5621
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5622 - D-Link DIR-816 Wireless Stack-Based Buffer Overflow

CVE ID : CVE-2025-5622
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5623 - D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5623
Published : June 5, 2025, 12:15 a.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 05 Jun 2025 00:15:00 GMT

read more

CVE-2025-5618 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5618
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5619 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-5619
Published : June 4, 2025, 11:15 p.m. | 7 hours, 13 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-49007 - Apache Rack Denial of Service Vulnerability

CVE ID : CVE-2025-49007
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5616 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5616
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5617 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5617
Published : June 4, 2025, 11:15 p.m. | 6 hours, 13 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 23:15:00 GMT

read more

CVE-2025-5690 - PostgreSQL Anonymizer Mask Data Read Bypass

CVE ID : CVE-2025-5690
Published : June 4, 2025, 10:15 p.m. | 7 hours, 13 minutes ago
Description : PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5613 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5613
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5614 - PHPGurukul Online Fire Reporting System SQL Injection

CVE ID : CVE-2025-5614
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5615 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5615
Published : June 4, 2025, 10:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 22:15:00 GMT

read more

CVE-2025-5612 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability

CVE ID : CVE-2025-5612
Published : June 4, 2025, 9:15 p.m. | 7 hours, 12 minutes ago
Description : A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-46341 - FreshRSS HTTP Auth Header Impersonation Vulnerability

CVE ID : CVE-2025-46341
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, when the server is using HTTP auth via reverse proxy, it's possible to impersonate any user either via the `Remote-User` header or the `X-WebAuth-User` header by making specially crafted requests via the add feed functionality and obtaining the CSRF token via XPath scraping. The attacker has to know the IP address of the proxied FreshRSS instance and the admin's username, while also having an account on the instance. An attacker can send specially crafted requests in order to gain unauthorized access to internal services. This can also lead to privilege escalation like in the demonstrated scenario, although users that have setup OIDC are not affected by privilege escalation. Version 1.26.2 contains a patch for the issue.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-48947 - Auth0 Next.js SDK Cache-Control Header Missing Vulnerability

CVE ID : CVE-2025-48947
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5610 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5610
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5611 - CodeAstro Real Estate Management System SQL Injection Vulnerability

CVE ID : CVE-2025-5611
Published : June 4, 2025, 9:15 p.m. | 5 hours, 12 minutes ago
Description : A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 21:15:00 GMT

read more

CVE-2025-5608 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5608
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-5609 - Tenda AC18 Buffer Overflow Vulnerability

CVE ID : CVE-2025-5609
Published : June 4, 2025, 8:15 p.m. | 6 hours, 12 minutes ago
Description : A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Wed, 04 Jun 2025 20:15:00 GMT

read more

CVE-2025-32015 - FreshRSS Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-32015
Published : June 4, 2025, 8:15 p.m. | 3 hours, 27 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `